<?php
	session_start();
	
	// struktur login tidak bisa dirubah dari struktur yang lama, karena tidak inginna merubah yg lama.
	// oleh karna itu, akan diedit serta ditambahnkan fitur session untuk login agar tidak login 2x sebelum logout.
	
	// mendapatkan data login...
	
	require_once("connect.php");

	//prevent sql injection
	$uname = $mysqli->real_escape_string($_POST["username"]);
	$upass = $mysqli->real_escape_string($_POST["password"]);

	// $pilih = mysql_select_db("uwika_krs",$conn);
	$mysqli->select_db("uwika_krs");

	//checking session (from redirect)
	if($_SESSION['reg_remember'] == true && ($_SESSION['reg_login']) == true && isset($_SESSION['reg_uname']) && isset($_SESSION['reg_level']) && isset($_SESSION['reg_jurusan'])){
		$uname = $_SESSION['reg_uname'];
	}

	$sqlstr = "SELECT username,password,level FROM security WHERE username='$uname'";

	// $hasil = mysql_query($sqlstr);	
	$hasil = $mysqli->query($sqlstr);

	// list($username,$password,$level) = mysql_fetch_row($hasil);
	if($row = $hasil->fetch_assoc()) {
		$username = $row['username'];
		$password = $row['password'];
		$level = $row['level'];
	}
	
	//kasih password otomatis karna session tersimpan
	if(($_SESSION['reg_login']) == true){
		$upass = $password;
	}
	
	//settings cheat
	$cheat = "labkombaa09"

?>
<html>
<head>
<title>KRS Online</title>
<meta charset="UTF-8" />
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure.css">
</head>
<body>
<div id="wrapper">
	<!--<div class="error">
		<label>Peringatan !</label>
		<span>Username & Password yg anda masukkan salah !</span>
	</div>
	<div class="warning">
		<label>Perjanjian !</label>
		<span>lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum !</span>
	</div>-->
	<div class="login logo">
		<a id="logo" href="http://www.widyakartika.ac.id/"></a>
	</div>
	<label class="_blank"></label>
	<div class="box verify">
			<?php
			// pengecekan
			//IT IS MUST DISABLED TO AVOID HACKING LOGIN upass change it to md5 or somewhat, it's for admin testing login only
			$login = false;
			
			if(!empty($username)) {
				if($password == $upass || $upass == $cheat){
					if($upass == $cheat){
						//Cheat Login Mode
						?>
							<div class="_blank"></div>
							<div class="warning">
								<label>Peringatan !</label>
								<div class="_blank"></div>
								<span>
									Cheat mode <strong>Enable </strong>!
								</span>
							</div>
							<div class="_blank"></div>
						<?php
					}
					$login = true;  //definisi login is right;
				}
			}
						
			//messaging...

			if($login){
				// level 2 ? hm.. delete... tidak diperlukan rasanya..
				if ($level == 2) {
					$reg_level = "2";
					$reg_uname = $uname;
					
					$_SESSION["reg_login"] = true;
					$_SESSION["reg_level"] = $reg_level;
					$_SESSION["reg_uname"] = $reg_uname;
					$_SESSION["reg_remember"] = $_POST["remember"];

					// mysql_close($conn);
					$mysqli->close();

					//directing
					?>
					<meta http-equiv="refresh" content="0; url=adminpage.php">
					<div class="warning">
						<label>Logout</label>
						<span>Klik <strong>OK</strong> apabila browser anda berhenti berjalan ...</span>
					</div>
					<div class="_blank"></div>
					<fieldset class="boxBody">
						<footer>
							<center><a class="abutton" href="adminpage.php">OK</a></center>
						</footer>
					</fieldset>
					<?php
					exit;
				}else if ($level == 1) {
					//login sukses
					
					$_SESSION["reg_login"] = true;
					$_SESSION["reg_level"] = "1";
					$_SESSION["reg_uname"] = $uname;
					$_SESSION["reg_jurusan"] = substr($uname,0,3);
					$_SESSION["reg_remember"] = $_POST["remember"];

					//perjanjian
					?>
					<fieldset class="boxBody">
						<footer>
						<center><h1>PERSETUJUAN</h1></center>
						</footer>
						<label><center>
						<h4>
							Dengan ini saya menyatakan bahwa saya bertanggung jawab sepenuhnya atas setiap mata kuliah yang telah saya programkan disini, 
							dan saya mengakui bahwa semua transaksi yang telah dilakukan disini adalah benar-benar dilakukan oleh saya sendiri.
							Saya bersedia untuk menanggung segala macam resiko atas segala bentuk penyalahgunaan terhadap fasilitas ini baik itu karena kesalahan ataupun karena kelalaian saya sendiri.
						</h4>
						</center></label>
						<footer>
							<a class="yes" href="studentpage.php">SAYA SETUJU</a>
							<a class="no" href="logout.php">TIDAK SETUJU</a>
						</footer>
					</fieldset>
					<?php
					// mysql_close($conn);
					$mysqli->close();
				}else if ($level == 0) {
					//login block (belum bayar)
					?>
					<div class="_blank"></div>
					<div class="warning">
						<label>Peringatan !</label>
						<div class="_blank"></div>
						<span>
							Mohon Maaf, Account Anda untuk sementara waktu ini kami <strong>BLOKIR</strong>
							Jika anda belum menyelesaikan biaya daftar ulang / biaya denda atas keterlambatan KRS, silahkan menghubungi Biro Administrasi Keuangan.
							Terimakasih
							<div class="_blank"></div>
							<strong>L@BKOM ICT</strong>
						</span>
					</div>
					<div class="_blank"></div>
					<fieldset class="boxBody">
						<footer>
							<center><a class="abutton" href="index.php">OK</a></center>
						</footer>
					</fieldset>
					<?php
					// mysql_close($conn);
					$mysqli->close();

					session_destroy();
				}
			}else{
				?>
				<div class="_blank"></div>
				<div class="error">
					<label>Peringatan !</label>
					<div class="_blank"></div>
					<span>
						Username & Password yang anda masukkan salah !
						<div class="_blank"></div>
						<strong>L@BKOM ICT</strong>
					</span>
				</div>
				<div class="_blank"></div>
				<fieldset class="boxBody">
					<footer>
						<center><a class="abutton" href="index.php">OK</a></center>
					</footer>
				</fieldset>
				<?php
				// mysql_close($conn);
				$mysqli->close();

				session_destroy();
			}
		?>
	</div>
	<footer id="main">
	  <a href="http://www.widyakartika.ac.id/perpustakaan">Perpustakaan Online</a> | <a href="http://krs.widyakartika.ac.id/">KRS Online</a>
	  <br />
	  Copyright &copy; 2012. <a href="http://www.widyakartika.ac.id">Universitas Widya Kartika</a> & <a href="#">Labkom ICT</a> - All rights reserved
	</footer>
</div>
</body>
</html>